Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp4052667rdb; Mon, 11 Dec 2023 07:37:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IEYUSaefb75Y4zD1ElZRJ4/mwfdWf8xD5CLBFMoSYb2rboS6kFr0YiEpuhM/mMmxvHXJnNM X-Received: by 2002:a05:6a00:2d9e:b0:6cd:fda4:b57c with SMTP id fb30-20020a056a002d9e00b006cdfda4b57cmr6054230pfb.15.1702309064548; Mon, 11 Dec 2023 07:37:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702309064; cv=none; d=google.com; s=arc-20160816; b=WzDzi83Eru4kiO/hNsbb51USf7Obju4tHB9uv/RkJd+w/AtNJYzf07WuwBc8+/Y5gx eimU5fUShp06rYQM6ociqIcRY3T+AruFbX+e3J40n7o+motDo8AYjWRwHdTvqhTgobxm fGWKVN1rXvk225UQn3fKxckYYoWm68qHLCyIlXlBNlFUalUZd8vk95fpWArBHlqQ2f3D qwVBvMXBzrxM7mMUZp9+kZ3Uw0FtNCFQe4LVH9SxqzOWfAaRhg1wp7BaLJ0Cdk5hJpEF e/OTWsrTVD5ZeCPpA1bUmD2OYaH6MrjeAGxUzKS/9QRGltribsoZVKNGtT8gbHQnXusW kTFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=ANzPo5IxcZJG6GEM5HQc/DVpr6eRyK7i9OWgNGr/NHQ=; fh=Xd5Kfoe6zf/95pfCbGLKo2NZ5n6xperN52CLMRMn0oA=; b=yXEqCjsYN8IvMeEgdmqF4OmfUwEApLIuZbahIrkztq0xnOIEjHHULHiSVyQoQ9TXUB 1rnZTmn5rS67U4q9qWCQu+cH0lOd2hWhktNhUmodKs5DDNvZzL5d/zoLg4BRyMaMasZ9 yQK715xnJ03UN7q0U3mrJPjWZUfpVe3PlawYqLdWibjyP6D1wT0QHhB5+VxcpMJFOiIV ZcKb9y+XdIoUVX6FKNm2m51pJg0VZvDIKsAWE+AKZ8iVj67+lmjBF6v2wOBUeLl2YNBu 46JV1eYozD1KLU75lqzLnVweIO3NTnHx6WMIR9jXSHEi42w1o3VRInqWNwGVwRbaudg4 CRTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id o198-20020a62cdcf000000b006ce03f8d014si5974732pfg.391.2023.12.11.07.37.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 07:37:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 239958084955; Mon, 11 Dec 2023 07:37:41 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344105AbjLKPh0 (ORCPT + 99 others); Mon, 11 Dec 2023 10:37:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49614 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344132AbjLKPhY (ORCPT ); Mon, 11 Dec 2023 10:37:24 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 29FDFE4; Mon, 11 Dec 2023 07:37:30 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 61CBBFEC; Mon, 11 Dec 2023 07:38:16 -0800 (PST) Received: from FVFF77S0Q05N.cambridge.arm.com (FVFF77S0Q05N.cambridge.arm.com [10.1.34.127]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 86C763F738; Mon, 11 Dec 2023 07:37:25 -0800 (PST) Date: Mon, 11 Dec 2023 15:37:20 +0000 From: Mark Rutland To: Robin Murphy Cc: Will Deacon , Joerg Roedel , Christoph Hellwig , Vineet Gupta , Russell King , Catalin Marinas , Huacai Chen , WANG Xuerui , Thomas Bogendoerfer , Paul Walmsley , Palmer Dabbelt , Albert Ou , Lorenzo Pieralisi , Hanjun Guo , Sudeep Holla , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Suravee Suthikulpanit , David Woodhouse , Lu Baolu , Niklas Schnelle , Matthew Rosato , Gerald Schaefer , Jean-Philippe Brucker , Rob Herring , Frank Rowand , Marek Szyprowski , Jason Gunthorpe , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-acpi@vger.kernel.org, iommu@lists.linux.dev, devicetree@vger.kernel.org Subject: Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits Message-ID: References: <2ae6199a9cf035c1defd42e48675b827f41cdc95.1701268753.git.robin.murphy@arm.com> <20231211132757.GE25681@willie-the-truck> <91b22090-485f-49c9-a536-849fd7f92f8e@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <91b22090-485f-49c9-a536-849fd7f92f8e@arm.com> X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 11 Dec 2023 07:37:41 -0800 (PST) On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote: > On 2023-12-11 1:27 pm, Will Deacon wrote: > > On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote: > > > Return the Root Complex/Named Component memory address size limit as an > > > inclusive limit value, rather than an exclusive size. This saves us > > > having to special-case 64-bit overflow, and simplifies our caller too. > > > > > > Signed-off-by: Robin Murphy > > > --- > > > drivers/acpi/arm64/dma.c | 9 +++------ > > > drivers/acpi/arm64/iort.c | 18 ++++++++---------- > > > include/linux/acpi_iort.h | 4 ++-- > > > 3 files changed, 13 insertions(+), 18 deletions(-) > > > > [...] > > > > > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c > > > index 6496ff5a6ba2..eb64d8e17dd1 100644 > > > --- a/drivers/acpi/arm64/iort.c > > > +++ b/drivers/acpi/arm64/iort.c > > > @@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id) > > > { return -ENODEV; } > > > #endif > > > -static int nc_dma_get_range(struct device *dev, u64 *size) > > > +static int nc_dma_get_range(struct device *dev, u64 *limit) > > > { > > > struct acpi_iort_node *node; > > > struct acpi_iort_named_component *ncomp; > > > @@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size) > > > return -EINVAL; > > > } > > > - *size = ncomp->memory_address_limit >= 64 ? U64_MAX : > > > - 1ULL<memory_address_limit; > > > + *limit = (1ULL << ncomp->memory_address_limit) - 1; > > > > The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe > > to drop that? You mention it in the cover letter, so clearly I'm missing > > something! > > Because an unsigned shift by 64 or more generates 0 (modulo 2^64), I'm pretty sure that regardless of whether a type is signed, shifting more than the type's width is undefined behaviour. That causes GCC to scream at compile time: | CC arch/arm64/kernel/setup.o | arch/arm64/kernel/setup.c: In function 'shift_test': | arch/arm64/kernel/setup.c:295:20: warning: left shift count >= width of type [-Wshift-count-overflow] | 295 | return 1UL << 64; | | ^~ ... and a UBSAN splat: | ================================================================================ | UBSAN: shift-out-of-bounds in arch/arm64/kernel/setup.c:295:13 | shift exponent 64 is too large for 64-bit type 'long unsigned int' | CPU: 0 PID: 0 Comm: swapper Not tainted 6.7.0-rc1-00005-g06034455cb74-dirty #3 | Call trace: | dump_backtrace+0x90/0xe8 | show_stack+0x18/0x24 | dump_stack_lvl+0x48/0x60 | dump_stack+0x18/0x24 | __ubsan_handle_shift_out_of_bounds+0x114/0x244 | shift_test+0x24/0x34 | setup_arch+0x238/0x68c | start_kernel+0x70/0x610 | __primary_switched+0xbc/0xc4 | ================================================================================ Mark. > thus > subtracting 1 results in the correct all-bits-set value for an inclusive > 64-bit limit. > > Thanks, > Robin. > > > > return 0; > > > } > > > -static int rc_dma_get_range(struct device *dev, u64 *size) > > > +static int rc_dma_get_range(struct device *dev, u64 *limit) > > > { > > > struct acpi_iort_node *node; > > > struct acpi_iort_root_complex *rc; > > > @@ -1408,8 +1407,7 @@ static int rc_dma_get_range(struct device *dev, u64 *size) > > > return -EINVAL; > > > } > > > - *size = rc->memory_address_limit >= 64 ? U64_MAX : > > > - 1ULL<memory_address_limit; > > > + *limit = (1ULL << rc->memory_address_limit) - 1; > > > > Same thing here. > > > > Will